Germany Expands Cyber Incident Reporting to 29,500 Firms Under Revised IT Security Law

24.06.2026 - 20:42:49 | boerse-global.de

Germany expands IT security rules to 29,500 companies, with 24-hour breach reporting and steep fines. 62% feel unsupported; AI threats and EU safety updates also detailed.

German IT Security Overhaul: 29,500 Firms Now Regulated, Fines Up to €10M

A sweeping overhaul of German IT security rules that took effect in December 2025 has increased the number of regulated companies sixfold, from 4,500 to roughly 29,500. Those affected must now implement an information security management system and report any security incident within 24 hours. Failure to comply can trigger fines of up to €10 million or two percent of global annual turnover, with board members facing personal liability.

Yet a significant portion of businesses say they are not getting enough help. According to the latest data, 62 percent of companies subject to the new rules feel inadequately supported in meeting the requirements.

The tighter regulatory environment coincides with rising anxiety about artificial intelligence in cybersecurity. The current "CISO Outlook 2026" report reveals a split sentiment among security leaders: while 73 percent view AI as an opportunity, 86 percent see it as a threat. Alarmingly, 98 percent of respondents fear that AI tools from third-party vendors could access their corporate data. Already, 57 percent of companies deploy AI-based systems for network monitoring.

The threat landscape has grown more sophisticated as well. Roughly 86 percent of phishing attempts are now AI-generated, and they achieve a click-through rate of 54 percent. Domain hijacking and ransomware remain the most critical risks.

Parallel to these IT security changes, the European Union adopted far-reaching decisions on June 23 that reshape occupational health and safety rules. The sixth revision of the EU Carcinogens Directive tightens exposure limits for substances including cobalt, polycyclic aromatic hydrocarbons, 1,4-dioxane, isoprene, and welding fumes. The goal: prevent approximately 1,700 lung cancer cases and about 19,000 other illnesses over the next 40 years. Workers required to wear personal protective equipment will also receive regular rest breaks.

At the same time, the EU is harmonising criteria for posting workers. A new digital system called eDeclaration aims to cut red tape, especially for small craft businesses.

German regulations on safety officers remain unchanged in terms of liability. Safety officers advise and support but hold no authority to issue instructions; they face no criminal or civil liability for their work. That changes if the safety officer also serves as a supervisor — then personal liability applies. Appointment of a safety officer requires agreement with the works council. A dedicated safety specialist becomes mandatory as soon as a company employs even one person. External providers can handle tasks from risk assessments to chairing occupational safety committee meetings.

Recent court rulings also affect the crafts sector. The Higher Regional Court of Koblenz clarified that companies offering turnkey photovoltaic systems must be registered in the trade register for both roofing and electrical engineering. Missing registration can lead to warnings under competition law.

Barrier-free access rules now extend into the private sector. A reformed Act on Equality for People with Disabilities introduces a prohibition on discrimination for private providers — for example in retail, hospitality, and finance. Fundamental structural changes are not yet required.

For practical implementation, the Berufsgenossenschaft Holz und Metall (Wood and Metal Trade Association) is offering a free basic seminar on July 1, 2026, in Saarbrücken. Topics include personal emergency signal systems for lone workers and advanced training for fire safety officers.
